Computing devices may use public key cryptography for authentication. For example, a computing device can store a certificate that can be authenticated using certificate chain validation. Certificate chain validation is an iterative process that validates the signature of a signed certificate using the public key of a parent certificate in a chain of certificates. This process continues iteratively until a root public key of a certificate authority is used to validate the signature of the prior certificate within the chain of certificates. Thus, the computing device may be authenticated by virtue of the entire certificate chain being validated by the certificate authority, which is a trusted entity. Once a computing device has been authenticated, a service provider may provide account information or services to the computing device or to a user of the computing device.
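The iterative validation described above can be sketched as follows. This is an added example, not code from the original document: it uses textbook RSA over small Mersenne primes with no padding, and the `Cert` fields, function names and sample subjects are hypothetical, chosen only so the chain walk runs with the Python standard library.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Textbook RSA key from two primes (toy sizes, no padding)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pub: tuple      # (n, e) of the subject
    sig: int = 0    # issuer's signature over the fields above

def digest(cert, n):
    # Hash the signed fields (everything except the signature itself).
    tbs = f"{cert.subject}|{cert.issuer}|{cert.pub}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub, issuer, issuer_priv):
    n, d = issuer_priv
    unsigned = Cert(subject, issuer, pub)
    return replace(unsigned, sig=pow(digest(unsigned, n), d, n))

def validate_chain(chain, root_pub):
    """chain is leaf-first; the last certificate must verify under root_pub."""
    if not chain:
        return False
    for cert, parent in zip(chain, chain[1:] + [None]):
        # Each certificate must name its parent as issuer.
        if parent is not None and cert.issuer != parent.subject:
            return False
        # Verify with the parent's key, or the trusted root key at the top.
        n, e = root_pub if parent is None else parent.pub
        if pow(cert.sig, e, n) != digest(cert, n):
            return False
    return True

def sample_chain():
    """Constructed sample: root CA -> intermediate CA -> device."""
    root_pub, root_priv = keypair(2**89 - 1, 2**107 - 1)
    int_pub, int_priv = keypair(2**61 - 1, 2**127 - 1)
    dev_pub, _ = keypair(2**31 - 1, 2**521 - 1)
    inter = issue("Intermediate CA", int_pub, "Root CA", root_priv)
    device = issue("device-001", dev_pub, "Intermediate CA", int_priv)
    return [device, inter], root_pub

if __name__ == "__main__":
    chain, root_pub = sample_chain()
    print(validate_chain(chain, root_pub))
```

The walk fails closed: a broken issuer link, a bad signature at any level, or a chain that does not terminate at the trusted root key all return `False`.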
Many computing devices are capable of being authenticated through a certificate chain validation process. For example, smartphones and other mobile devices comprise a secure element (e.g., a microchip having separate and secure memory and execution) that stores signed certificates for authentication. The secure elements of such devices may be loaded with the authentication certificates during the manufacturing process. However, some devices may have secure elements storing certificates that have limited authentication capabilities. Such authentication limitations may be due to the narrow scope of the device's intended use (e.g., the device was intended to be authenticated by a single certificate authority). It may be impractical or impossible to load additional certificates onto existing secure elements. Furthermore, it would be costly and time-consuming to manufacture new secure elements having more robust authentication capabilities.
Embodiments of the present invention address these and other problems individually and collectively.